i think it's just a scare.. they still have ff2 on their website..they dont mention anything about vulnerabilities and apparently it is still supported( they used to say ff2 will be killed-off before december)
if it was truly a security risk, they'd never have it listed on their download page:
that's a liability
the latest discovered whatsit dns phishing spoof thing is very hard to cause any problems and it's across a all geckos versions and even other browsers..so it's not a gecko 1.8-only bug to suddenly make it the smelly cat.
they are sleeping with ms which wants all pre-xp oses dead..they'd love to kill xpee as well if they can.
they are all sleeping together and google, mozilla and ms are having a menage a trois.